Nessus is a program that automatically searches for known flaws in the protection of information systems. It can detect the most common types of vulnerabilities, for example:
- Presence of vulnerable versions of services or domains
- Configuration errors (for example, an SMTP server that requires no authorization)
- Default, blank, or weak passwords
| Nessus | |
|---|---|
| Type | Vulnerability scanner |
| Developer | Tenable Network Security |
| Operating system | Cross-platform software |
| First release | 1998 |
| Latest version | 8.2.3 |
| License | Proprietary software |
| Website | tenable.com |
The program has a client-server architecture, which greatly expands its scanning capabilities. According to a survey conducted by securitylab.ru, Nessus is used by 17% of respondents. [1]
Use
Nessus is primarily used to scan ports and identify the services listening on them. It then checks those services for vulnerabilities. The vulnerability tests are carried out by special plug-ins written in NASL (Nessus Attack Scripting Language).
The vulnerability database is updated weekly; commercial subscribers can download new plug-ins without the seven-day delay.
With the “safe checks” option disabled, some vulnerability tests used by Nessus can lead to disruptions in the operation of scanned systems.
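The plug-in workflow and the "safe checks" option described above, as a simplified Python model. This is an added example, not Nessus or NASL code; the product names, versions, plug-in names and the simulated_probe stand-in are constructed, and it assumes that with safe checks enabled a disruptive test is replaced by a comparison against the version reported in the banner.

```python
import re
from dataclasses import dataclass

# Constructed sample input: port -> banner collected during service detection.
BANNERS = {
    21: "220 ExampleFTPd 1.2.0 ready",
    25: "220 mail.example.test ESMTP ExampleMTA 4.1.3",
    80: "Server: ExampleHTTPd/2.0.9",
}
PROBED = []  # ports that received a potentially disruptive active test

@dataclass
class Plugin:
    name: str
    product: str
    fixed_in: tuple    # first unaffected version (constructed value)
    disruptive: bool   # the active test may disturb the scanned service

PLUGINS = [
    Plugin("ftpd-old-version", "ExampleFTPd", (1, 3, 0), False),
    Plugin("httpd-dos-check", "ExampleHTTPd", (2, 1, 0), True),
    Plugin("mta-old-version", "ExampleMTA", (4, 0, 0), False),
]

def parse_banner(banner):
    """Return (product, version tuple) from a banner, or None if unrecognised."""
    m = re.search(r"([A-Za-z]+)[/ ](\d+(?:\.\d+)+)", banner)
    return (m.group(1), tuple(map(int, m.group(2).split(".")))) if m else None

def simulated_probe(port):
    PROBED.append(port)  # stand-in for an active test: records, sends no traffic
    return True

def run_scan(banners, plugins, safe_checks=True):
    """Match plug-ins to identified services; return (port, plugin, method)."""
    findings = []
    for port in sorted(banners):
        ident = parse_banner(banners[port])
        if ident is None:
            continue  # service not identified, no plug-in applies
        product, version = ident
        for p in [q for q in plugins if q.product == product]:
            if p.disruptive and not safe_checks:
                hit, how = simulated_probe(port), "active test"
            else:  # safe mode, or a plug-in that only reads the version
                hit, how = version < p.fixed_in, "banner version"
            if hit:
                findings.append((port, p.name, how))
    return findings
```

Comparing run_scan(BANNERS, PLUGINS) with run_scan(BANNERS, PLUGINS, safe_checks=False) shows that only the second call touches port 80 with an active test.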
History
The Nessus project was founded in 1998. It was originally open source software. In October 2005, Tenable Network Security decided to close the source code of the application and make it proprietary. [2] The Nessus 2 source code was the basis for the OpenVAS open vulnerability scanner project.
Notes
1. Comparative analysis of security scanners. Part 1: penetration test (short summary)
2. LeMay, Renai. Nessus security tool closes its source, CNet (October 6, 2005).